Microsoft said late Thursday that is investigating reports of a limited attack exploiting a vulnerability in the Domain Name System (DNS) Server Service, which could allow an attacker to run code and gain access to the system.

By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

While the attack appears to be targeted and not widespread, we are monitoring the issue and are working with our MSRA partners to monitor and help protect customers. Adrian Stone,security researcherMicrosoft

A stack-based buffer overrun exists in the Windows DNS Server's remote procedure call (RPC) interface implementation on Windows 2000 Server and Windows Server 2003. An attacker can send a RPC packet to the interface and run malicious code on the system.

The vulnerability is reported in Microsoft Windows 2000 Service Pack 4, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2. Microsoft said Windows XP Service Pack 2, and Windows Vista does not contain the vulnerable code.

Microsoft said a security update is planned to fix the flaws and has issued a specific workaround that can be used until a patch is issued.

In its 935964 security advisory Microsoft said it's "initial investigation reveals that the attempts to exploit this vulnerability could allow an attacker to run code in the security context of the Domain Name System Server Service, which by default runs as Local System."

Adrian Stone, a Microsoft researcher, said in the Microsoft Security Response Center blog that Microsoft has identified steps customers can take to protect themselves. Microsoft is urging customers to disable remote management over RPC capability for DNS Servers through the registry key setting. Users can also block unsolicited inbound traffic on ports between 1024 to 5000 and enable advanced TCP/IP filtering on systems.

"While the attack appears to be targeted and not widespread, we are monitoring the issue and are working with our MSRA partners to monitor and help protect customers," Stone said.

E-Handbook

0 comments

E-Mail

Username / Password

Password

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy